Skip to main content
CVE-2022-28219 CRITICAL POC PATCH THREAT Act Now

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho RCE XXE Manageengine Adaudit Plus
NVD
CVSS 3.1
9.8
EPSS
97.0%
CVE-2022-28468 CRITICAL POC Act Now

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28467 CRITICAL POC Act Now

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Student Admission
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28116 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-28115 CRITICAL POC Act Now

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Sports Complex Booking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27304 CRITICAL POC Act Now

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Student Grading System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27124 CRITICAL POC Act Now

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Insurance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27123 CRITICAL POC Act Now

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Employee Performance Evaluation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26628 CRITICAL POC Act Now

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Matrimony
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-26635 CRITICAL POC THREAT Act Now

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Memcached
NVD GitHub
CVSS 3.1
9.8
EPSS
21.4%
CVE-2022-1212 CRITICAL POC PATCH Act Now

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24231 CRITICAL POC Act Now

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Student Information System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-26585 CRITICAL POC Act Now

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-24780 HIGH POC PATCH This Week

Combodo iTop is a web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2022-26630 HIGH POC This Week

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jellycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0793 HIGH POC This Week

Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0789 HIGH POC This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-0470 HIGH POC This Week

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0467 HIGH POC This Week

Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Microsoft Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-1235 HIGH POC PATCH This Week

Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-1213 HIGH POC PATCH This Week

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Live Helper Chat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-23909 HIGH POC This Week

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sherpa Connector Service
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26281 HIGH POC This Week

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24795 HIGH POC PATCH This Week

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Heap Overflow Yajl Ruby
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-26619 HIGH POC This Week

Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-25584 HIGH POC This Week

Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fw3170 Ps E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26986 HIGH POC This Week

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Impresscms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
4.1%
CVE-2022-26982 HIGH POC This Week

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Simple Machines Forum
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.2%
CVE-2022-0609 HIGH POC KEV PATCH THREAT Act Now

Google Chrome contains a use-after-free vulnerability in the Animation component that allows remote attackers to exploit heap corruption via crafted HTML pages, exploited in February 2022 by North Korean APT groups.

Google Chrome
NVD
CVSS 3.1
8.8
EPSS
40.1%
CVE-2022-1243 MEDIUM POC PATCH This Month

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Uri Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0790 CRITICAL Act Now

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-0466 CRITICAL PATCH Act Now

Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2022-0452 CRITICAL Act Now

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-1244 MEDIUM POC PATCH This Month

heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-25373 MEDIUM POC This Month

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-24811 MEDIUM POC PATCH This Month

Combodi iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0602 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tastyigniter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-26615 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS College Website Content Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25356 MEDIUM POC This Month

Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Securitygateway
NVD
CVSS 3.1
5.3
EPSS
5.9%
CVE-2022-24978 HIGH PATCH This Week

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-0809 HIGH This Week

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0808 HIGH This Week

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0805 HIGH This Week

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0800 HIGH This Week

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0799 HIGH This Week

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Microsoft Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0798 HIGH This Week

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0797 HIGH This Week

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-0796 HIGH This Week

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0795 HIGH This Week

Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0794 HIGH This Week

Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Use After Free Denial Of Service Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy